middleware

ylebre · ylebre · commit 5376710e4191 · 2022-09-02T21:04:25.000+02:00
diff --git a/solid/lib/AppInfo/Application.php b/solid/lib/AppInfo/Application.php
@@ -55,11 +55,17 @@ public function register(IRegistrationContext $context): void {
 			return $c->query('UserSession')->getUser();
 		});
 
-		$context->registerService('SolidCorsMiddleware', function($c) {
-		        return new SolidCorsMiddleware();
-		});
+                /**
+                 * Middleware
+                 */
+                $container->registerService(SolidCorsMiddleware::class, function(IServerContainer $c): SolidCorsMiddleware{
+                        return new SolidCorsMiddleware(
+                            $c->get(IRequest::class)
+                        );
+                });
 
-		$context->registerMiddleware('SolidCorsMiddleware');
+                // executed in the order that it is registered
+                $container->registerMiddleware(SolidCorsMiddleware::class);
 	}
 
 	public function boot(IBootContext $context): void {
diff --git a/solid/lib/Middleware/SolidCorsMiddleware.php b/solid/lib/Middleware/SolidCorsMiddleware.php
@@ -1,17 +1,31 @@
 <?php
     namespace OCA\Solid\Middleware;
 
-    use \OCP\AppFramework\Middleware;
-    use \OCP\IRequest;
+    use OCP\AppFramework\Middleware;
+    use OCP\AppFramework\Http\Response;
+    use OCP\IResponse;
+    use OCP\IRequest;
 
     class SolidCorsMiddleware extends Middleware {
-        public function afterController($controller, $methodName, IResponse $response) {
+        private $request;
+
+        public function __construct(IRequest $request) {
+            $this->request = $request;
+        }
+
+        public function afterController($controller, $methodName, Response $response) {
             $corsMethods="GET, PUT, POST, OPTIONS, DELETE, PATCH";
             $corsAllowedHeaders="*, allow, accept, authorization, content-type, dpop, slug";
             $corsMaxAge=1728000;
             $corsExposeHeaders="Authorization, User, Location, Link, Vary, Last-Modified, ETag, Accept-Patch, Accept-Post, Updates-Via, Allow, WAC-Allow, Content-Length, WWW-Authenticate, MS-Author-Via";
             $corsAllowCredentials=true;
-            
+
+            if (isset($this->request->server['HTTP_ORIGIN'])) {
+                $corsAllowOrigin = $this->request->server['HTTP_ORIGIN'];
+            } else {
+                $corsAllowOrigin = '*';
+            }
+
             $response->addHeader('Access-Control-Allow-Origin', $corsAllowOrigin);
             $response->addHeader('Access-Control-Allow-Methods', $corsMethods);
             $response->addHeader('Access-Control-Allow-Headers', $corsAllowedHeaders);
